New Rules for Searching Electronic Devices at the U.S. Border

Earlier this year, U.S. Customs and Border Protection (“CPB”) revealed that, in 2017, it searched the electronic devices of approximately 50 percent more travelers than it had in the previous year. The same day, it announced that it was issuing new search guidelines for the first time since August 2009.

As a general matter, the U.S. Supreme Court and other courts have affirmed the principle that “the expectation of privacy is less at the border than it is in the interior.” See, e.g., United States v. Flores-Montamo 541 U.S. 149, 154 (2004). Under CPB’s new guidelines border officials may conduct “Basic Searches” or “Advanced Searches.” A basic search involves a manual examination of a device’s contents and can be performed without any basis for suspicion whatsoever.

An advanced search may only be performed if the CBP officer has a reasonable suspicion of criminal activity or a “national security concern.” In contrast to basic searches, advanced searches include not only manually accessing the device, but also using external equipment to review, copy, or analyze its contents. Notably, both a basic search and an advanced search may only access data stored locally on a device, and may not access remotely stored data even if accessible through applications on the device.

Also notable is the fact that the new CPB guidelines expressly state that CBP officers can seek the traveler’s assistance in opening any password-protected device. If the traveler does not provide such assistance, or CPB is otherwise unable to complete an inspection because of passcode or encryption protection, the officer may temporarily detain or even permanently seize the device.

The new search guidelines make clear that international travelers should take note that U.S. law enforcement will continue to take an aggressive approach in exercising its authority to conduct border searches, particularly of electronic devices and even in circumstances where there is no reasonable suspicion that a device contains evidence of criminal activity.

Katherine Mooney Carroll’s practice focuses on advising U.S. and international financial institutions on U.S. regulatory matters, including recent reforms pursuant to the Dodd-Frank Act, regulatory aspects of bank M&A, cybersecurity and privacy matters, and compliance with U.S. sanctions and anti-money laundering laws.

Francesco De Biasi’s practice primarily focuses on private enforcement and internal investigations of corporate wrongdoing, with a focus on the requirements under Legislative Decree 231/2001, as well as on corporate, civil, labor law and data protection matters related to white collar crimes.